#!/bin/sh

#
# Test that signing firmware after it was made does the right thing
#

. "$(cd "$(dirname "$0")" && pwd)/common.sh"

cat >$CONFIG <<EOF
file-resource TEST {
	host-path = "${TESTFILE_1K}"
}

task complete {
	on-resource TEST { raw_write(0) }
}
EOF

# Create new keys
cd $WORK
$FWUP_CREATE -g
cd -

# Make sure that all of the calls to create below use the same time.
export SOURCE_DATE_EPOCH=1525543816

# Create the firmware
$FWUP_CREATE -c -f $CONFIG -o $FWFILE

# Sign the firmware out of place using the file way
$FWUP_CREATE -S -s $WORK/fwup-key.priv -i $FWFILE -o $FWFILE.2

# Sign the firmware out of place using the cmdline way
$FWUP_CREATE -S --private-key $(cat $WORK/fwup-key.priv) -i $FWFILE -o $FWFILE.3

# Sign the firmware in place
$FWUP_CREATE -S -s $WORK/fwup-key.priv -i $FWFILE -o $FWFILE

# Check that in place and out of place signing are the same
diff $FWFILE $FWFILE.2
diff $FWFILE $FWFILE.3

# Check that applying the firmware with checking signatures works
$FWUP_APPLY -q -p $WORK/fwup-key.pub -a -d $IMGFILE -i $FWFILE -t complete

# Check that verification works
$FWUP_VERIFY -V -p $WORK/fwup-key.pub -i $FWFILE
